npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

esverify

v0.26.6

Published

ECMAScript program verifier based on SMT solving

Downloads

18

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

levjjlevjj

Keywords

Readme

esverify

Build Status NPM Version

Program Verification for ECMAScript/JavaScript (esverify.org).

Alpha: This is still a research prototype and not yet ready for production use.

Documentation

A detailed documentation of esverify and its theoretical foundations is currently work-in-progress and will be published soon.

Example

Given a simple JavaScript max function, we can add pre- and post-conditions using special pseudo-calls to requires and ensures with boolean expressions.

function max(a, b) {
  requires(typeof a === "number");
  requires(typeof b === "number");
  ensures(res => res >= a);

  if (a >= b) {
    return a;
  } else {
    return b;
  }
}

These expressions will then be statically verified with respect to the function body with an SMT solver.

More examples can be found in the tests directory.

Supported Features

  • Expressions with boolean values, strings, integer and real number arithmetic
  • Function pre- and post conditions as well as inline assertions and invariants
  • Automatically generates counter-examples for failed assertions
  • Runs counter-example as JavaScript code to reproduce errors in dynamic context and differentiate incorrect programs from false negatives
  • Mutable variables and limited temporal reasoning, e.g. old(x) > x
  • Control flow including branching, returns and while loops with manually specified invariants
  • Inductive reasoning with loop invariants and recursive functions
  • Automatic inlining of function body for external proofs of function properties (restricted to one level of inlining)
  • Closures
  • Checking of function purity
  • Higher-order functions
  • Simple proof checking using Curry-Howard correspondence
  • Simple immutable classes with fields, methods and class invariant (no inheritance)
  • Immutable JavaScript objects using string keys
  • Immutable arrays (no sparse arrays)
  • Restricted verifier preamble for global objects such as console and Math

It is based on the z3 SMT solver but avoids trigger heuristics and thereby (most) timeouts and other unpredictable results by requiring manual instantiation. Function definitions and class invariants correspond to universal quantifiers and function calls and field access act as triggers that instantiate these quantifiers in a deterministic way.

To Do (see GitHub issues)

  • Termination checking
  • Mutable objects, arrays and classes
  • Modules with imports and exports
  • Prototype and subclass inheritance
  • Verifier-only "ghost" variables, arguments and functions/predicates
  • TypeScript as input language

Usage as Command Line Tool

Simple usage without installation:

$ npx esverify file.js

Installation:

$ npm install -g esverify

Command Line Options:

$ esverify --help
Usage: esverify [OPTIONS] FILE

Options:
  --z3path PATH           Path to local z3 executable
                          (default path is "z3")
  -r, --remote            Invokes z3 remotely via HTTP request
  --z3url URL             URL to remote z3 web server
  --noqi                  Disables quantifier instantiations
  -t, --timeout SECS      Sets timeout in seconds for z3
                          (default timeout is 10s, 0 disables timeout)
  -f, --logformat FORMAT  Format can be either "simple" or "colored"
                          (default format is "colored")
  -q, --quiet             Suppresses output
  -v, --verbose           Prints SMT input, output and test code
  --logsmt PATH           Path for logging SMT input in verbose mode
                          (default path is "/tmp/vc.smt")
  -h, --help              Prints this help text and exit
  --version               Prints version information

Usage as Library

Installation via npm:

$ npm install esverify --save

Import verify and invoke on source code to receive a promise of messages.

import { verify } from "esverify";

const opts = { };
const messages = await verify("assert(1 > 2);", opts);
messages.forEach(msg => console.log(msg.status));

The options and returned messages have the following structure:

type opts = {
  filename: string,
  logformat: "simple" | "colored" = "colored",
  z3path: string = "z3",
  z3url: string,
  remote: boolean = false,
  quiet: true,
  verbose: false,
  logsmt: '/tmp/vc.smt'
  timeout: 5,
  qi: true
}

type msg = {
  status: "verified" | "unverified" | "timeout" | "error",
  loc: { file: string, start: { line: number, column: number },
                       end:   { line: number, column: number }},
  description: string
}

Interactive Tools

A simple web-based editor is available online at esverify.org/try.

Additionally, there is a Vim Plugin and an Emacs Plugin which display verification results inline.

More tool support will be coming soon.

License

MIT License

Issues

Please report bugs to the GitHub Issue Tracker. esverify is currently developed and maintained by Christopher Schuster.

Acknowledgements

Inspired by Dafny and LiquidHaskell.

This project is developed by the Software and Languages Research Group at University of California, Santa Cruz. Thanks also to Tommy, Sohum and Cormac for support and advice.